
Bank details of thousands exposed online for more than a year

Keeping customer information safe from hackers and threat actors is a tall order for companies nowadays. Their data is always under attack from cybercriminals waiting for the right software hole to exploit, hoping for one big payday.

But it’s not just the companies themselves who need to shore up their data security. The corporate world is filled with third-party partners and vendors that handle sensitive personal data as well.

This time around, the sensitive financial information of thousands of people has been leaked due to a bank’s third-party vendor’s mistake.

Read on and we’ll tell you about what we know so far and how to protect yourself from the aftermath.

TCM Bank Data Leak

According to a new report from KrebsOnSecurity, U.S.-based company TCM Bank has exposed applicants’ data for over a year.

TCM Bank is a financial company that helps small U.S. banks issue bank-branded credit cards to their customers. It is a subsidiary of Independent Community Bankers of America (ICBA) Bancard Inc. and it serves more than 750 small and community U.S. banks.

What kind of data are involved? The breach has reportedly exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for credit cards between early March 2017 and mid-July 2018.

Worse yet, the data breach was caused by a misconfiguration of a website managed by a third-party vendor. The data was leaked online around 16 months ago and remained exposed until TCM resolved the issue.

According to the report, TCM first noticed the data leak on July 16, 2018 and quickly resolved the issue the following day.

Around 25 percent of customers affected

How many customers are impacted by this latest breach? Are you one of them?

TCM’s attorney Bruce Radke told KrebsOnSecurity that fewer than 10,000 customers are affected.

“It was less than 25 percent of the applications we processed during the relevant time period that were potentially affected, and less than one percent of our cardholder base was affected here,” Radke said.

“We’ve since confirmed the issue has been corrected, and we’re requiring the vendor to look at their technologies and procedures to detect and prevent similar issues going forward,” he continued.

TCM Bank is now mailing letters to affected customers. However, due to contractual restrictions, it has not revealed the third-party vendor’s identity.

This incident is another grim reminder that businesses need to be careful about which partners and vendors they use.

No matter how secure their own websites are, smaller third-party partners can be the weakest link that hackers can pounce on to steal customer information.

What to do after a data breach?

Whenever a data breach like this occurs, there are standard security steps that we should all take to protect our accounts.

  • First, you should already be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.
  • Scammers will try and piggyback on data breaches like this. Beware of phishing scams that pretend to be from TCM Bank.
  • It’s also a good time to audit your online accounts and passwords. This is especially true if you use the same credentials for multiple websites. 
  • Lastly, if you think you are already compromised, put a credit freeze on your accounts as soon as you can.
